Lucas O'Rourke

Lucas O’Rourke works at the intersection of networking and security. In industry, including his time at Amazon, he has built and operated large-scale distributed systems, with a focus on how real-world infrastructure behaves under load. A significant part of his security work has centered on OAuth and modern API authentication and authorization–designing delegated access flows, tightening token validation and least privilege practices, and addressing the kinds of subtle misconfigurations that often lead to outsized security failures.

More recently, his attention has shifted toward AI security and the emerging protocols that enable agentic access to production systems, both with a human-in-the-loop and autonomously, including the Model Context Protocol (MCP) and the Agent-to-Agent (A2A) protocol. He is particularly interested in how familiar ideas—strong identity, least privilege, capability scoping, and careful trust boundaries—need to evolve when agents can dynamically discover tools and act on a user’s behalf. His work connects established security principles with the rapidly developing ecosystem of autonomous, protocol-driven systems.